Anil, I would go a step further: instead of having a "full" and a "lite" download, it's better to have a "jar" and a "war" one, with the JAR download being your present "lite" one and the WAR download (optional for some users) *not* having any of the PicketLink JARs within it. The WAR download should rely on what is in modules/org/picketlink/main rather than its own PicketLink JARs.

As I see it, only two steps/downloads are needed:

1.) Use the "jar" download to update the JARs in modules/org/picketlink/main -- what you presently call the "lite" download has all this. I would go a step further and include the updated modules.xml file within the JAR download and a short README telling people to nuke (not append) the old files in this directory and replace them with these.

2.) For those users who need it, install the WAR download into standalone/deployments. Again, this download shouldn't need any PicketLink JARs within it, as JBoss should smoothly run OOTB relying on the updated JARs in modules/org/picketlink/main.

Yeah. This approach is very intuitive. Will adopt it right now and fix the downloads. Thanks Glen.

Much better, Anil. But two more questions (perhaps both related to each other):

1.) Why do you have separate PicketLink 2.0.2 JAR downloads for Tomcat/JBoss 5,6 and JBoss7? Their contents--except for one missing file--are absolutely identical -- can we consolidate that to one download?

2.) Why is the PicketLink for JBoss 7 2.0.2 JAR download missing the picketlink-trust-jbossws-2.0.2.Final.jar file (it just has 3 of the 4 JARs)? The other download has it, and it's that JAR I'm probably most interested in, as I wish to see the PicketLink STS.

Thanks, Glen

The trust jar contains deeper integration with JBossWS (handlers etc.) which we have not finished/tested for AS7.x.

OK, things are looking much better now. An earlier error I had reported about it not being able to find particular JARs was an error on my part -- I misspelled the PL jars in the module.xml file (.final instead of the correct .Final needs to be in the name). I deleted those postings from this thread.

I removed the unsupported trust JAR and its entry from modules.xml and restarted the JBoss AS with all of the WARs in the deployments/PicketLink folder. Two WARs (idp.war and idp-sig.war) fail with the below error, causing the rest to shut down. But when I removed those two WARs and restarted JBoss, the remaining WARs, including the STS one, started up fine. The server log file reports this as the problem when idp.war and idp-sig.war are present:

I don't think I need idp.war and idp-sig.war to play with the STS, but if the error is on my side, please advise why these two WARs aren't starting. (Incidentally, if these two WARs won't start because the trust JAR isn't ready for AS7, perhaps best to remove them from the "WAR" download so others won't have to spend time debugging this issue.)

Thanks Pedro! That was it! All WARs now start fine. (Anil, for your instructions here: https://community.jboss.org/docs/DOC-17614, when you say that we may need to update our standalone.xml with additional <security-domain/>s, best to let the reader know the three we need to include for all WARs to work. They are the ones named "picketlink-sts", "sp", and "idp" within the sample standalone.xml you provided.)

I reviewed Glen's successes and I repeated the configuration steps using the new downloads.

Everything works (Hurray !).

I must have used an incorrect idp.war file - that's the only real change that I can see.

I can now login/logout of employee/employee-post, sales/sales/post ....

If I may make a few suggestions:

1. Include the module.xml within the picketlink-jars-as7-2.0.2.Final.zip as an easy way to avoid typing errors. Like Glen, I originally did not use the uppercase F in Final..... (I've attached my module.xml)

2. Also include the standalone.xml security-domain tags required by the webapps - I would insert them in the same zip file as above since they are part of the one-time configuration tasks for all webapps to work with JBoss 7.

Thanks to Glen, Anil, and Pedro !

Now to learn how to use a database as the user store - ideally the same schema as the Seam 3 Security webapp idmconsole ....
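The module.xml typo both posters ran into (.final instead of .Final) and the stale-JAR risk behind the "nuke, not append" advice can be caught before restarting the server. The script below is an added example, not part of the original thread or of PicketLink; the JAR names and the sample module.xml in `demo()` are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET


def check_module(module_dir):
    """Compare <resource-root path="..."/> entries in module.xml with the
    files actually present, using exact (case-sensitive) name matching."""
    present = set(os.listdir(module_dir))
    by_lower = {name.lower(): name for name in present}
    accounted, problems = set(), []
    for el in ET.parse(os.path.join(module_dir, "module.xml")).iter():
        if el.tag.rsplit("}", 1)[-1] != "resource-root":  # ignore XML namespace
            continue
        path = el.get("path", "")
        if path in present:
            accounted.add(path)
        elif path.lower() in by_lower:
            on_disk = by_lower[path.lower()]
            accounted.add(on_disk)
            problems.append((path, "case mismatch: file on disk is " + on_disk))
        else:
            problems.append((path, "listed in module.xml but missing on disk"))
    # Leftover JARs from an older release that were appended to, not replaced.
    for name in sorted(present - accounted):
        if name.endswith(".jar"):
            problems.append((name, "jar on disk but not listed in module.xml"))
    return problems


def demo():
    """Build a constructed module directory and return the problems found."""
    module_xml = """<module xmlns="urn:jboss:module:1.1" name="org.picketlink">
  <resources>
    <resource-root path="pl-core-2.0.2.final.jar"/>
    <resource-root path="pl-fed-2.0.2.Final.jar"/>
  </resources>
</module>"""
    with tempfile.TemporaryDirectory() as d:
        for jar in ("pl-core-2.0.2.Final.jar", "pl-fed-2.0.2.Final.jar",
                    "pl-old-2.0.1.Final.jar"):
            open(os.path.join(d, jar), "w").close()
        with open(os.path.join(d, "module.xml"), "w") as f:
            f.write(module_xml)
        return check_module(d)


if __name__ == "__main__":
    for name, problem in demo():
        print(name + ": " + problem)
```

Against a real installation, call `check_module()` with the path to modules/org/picketlink/main.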

Hi Gerry, are you sure you needed the security-domain with the name of "cache-test" in your standalone.xml? I was guessing that that's only for Anil's testing and just the other three security domains were needed.

Unfortunately I can't share your success in being able to successfully log into the applications, such as the employee one: http://localhost:8080/employee. Just to confirm I'm doing things right, for employee login you're using the "idp" security domain defined in standalone.xml, which defines a users.properties and a roles.properties, and you keep those two properties files in the standalone/configuration folder?

In my users.properties I have this entry: UserA=PassA

In my roles.properties I have this: UserA=manager

Yet when I try to log into the Employee application I get an invalid password/missing user error: